For EC2 requests, AuthFailure should be raised instead of SignatureDoesNotMatch.

2019-07-24 19:47:39 +02:00 · 2019-07-24 19:47:39 +02:00 · d471eb69c0
commit d471eb69c0
parent e22e8b5a67
1 changed files with 7 additions and 1 deletions
--- a/moto/core/authentication.py
+++ b/moto/core/authentication.py
@ -146,7 +146,7 @@ class IAMRequestBase(object):
        original_signature = self._get_string_between('Signature=', ',', self._headers['Authorization'])
        calculated_signature = self._calculate_signature()
        if original_signature != calculated_signature:
-            raise SignatureDoesNotMatchError()
+            self._raise_signature_does_not_match()

    def check_action_permitted(self):
        policies = self._access_key.collect_policies()
@ -163,6 +163,12 @@ class IAMRequestBase(object):
        if not permitted:
            self._raise_access_denied()

+    def _raise_signature_does_not_match(self):
+        if self._service == "ec2":
+            raise AuthFailureError()
+        else:
+            raise SignatureDoesNotMatchError()
+
    @abstractmethod
    def _raise_access_denied(self):
        raise NotImplementedError()